sail - Formal specification language for ISAs

Age	Commit message (Collapse)	Author
2019-05-09	SMT: Make path conditionals more precise	Alasdair Armstrong
	Previously path conditionals for a node were defined as the path conditional of the immediate dominator (+ a guard for explicit guard nodes after conditional branches), whereas now they are the path conditional of the immediate dominator plus an expression encapsulating all the guards between the immediate dominator and the node. This is needed as the previous method was incorrect for certain control flow graphs. This slows down the generated SMT massively, because it causes the path conditionals to become huge when the immediate dominator is far away from the node in question. It also changes computing path conditionals from O(n) to O(n^2) which is not ideal as our inlined graphs can become massive. Need to figure out a better way to generate minimal path conditionals between the immediate dominator and the node. I upped the timeout for the SMT tests from 20s to 300s each but this may still cause a failure in Jenkins because that machine is slow.
2019-04-13	SMT: More builtins	Alasdair
	Add some tests for arithmetic operations. Some tests fail in either Z3 or CVC4 currently, due to how overflow is handled.
2019-04-11	SMT: Add property and counterexample directive	Alasdair Armstrong
	Rather than generating SMT from a function called check_sat, now find any function with a $property directive and generate SMT for it, e.g. $property function prop_cap_round_trip(cap: bits(128)) -> bool = { let cap_rt = capToBits(capBitsToCapability(true, cap)); cap == cap_rt } $property function prop_base_lteq_top(capbits: bits(128)) -> bool = { let c = capBitsToCapability(true, capbits); let (base, top) = getCapBounds(c); let e = unsigned(c.E); e >= 51 \| base <= top } The file property.ml has a function for gathering all the properties in a file, as well as a rewrite-pass for properties with type quantifiers, which allows us to handle properties like function prop forall 'n, 'n <= 100. (bv: bits('n)) -> bool = exp by rewriting to (conceptually) function prop(bv: bits(MAX_BIT_WIDTH)) -> bool = if length(bv) > 100 then true else exp The function return is now automatically negated (i.e. always true = unsat, sometimes false = sat), which makes sense for quickcheck-type properties.
2019-04-09	SMT: Experimental Jib->SMT translation	Alasdair Armstrong
	Currently only works with CVC4, test cases are in test/smt. Can prove that RISC-V add instruction actually adds values in registers and that's about it for now.